Merge pull request #1 from Stromweld/working

working copy

Author: Stromweld

CHANGELOG.md

@@ -1,13 +1,9 @@
-# CHANGELOG for timezone_ii
+# CHANGELOG for autopatch_ii
 
-## 2.0.0 (4/19/2017)
+## 1.0.1 (4/20/2017)
 
-- [Corey Hemminger] - changed hash rockets to new hash style
-
-## 1.0.1 (4/18/2017)
-
-- [Corey Hemminger] - fixed windows idempotency
+- [Corey Hemminger] - Fixed bugs and tested to be working
 
 ## 1.0.0 (4/18/2017)
 
-- [Corey Hemminger] - Initial commit
+- [Corey Hemminger] - Initial commit

README.md

@@ -1,4 +1,127 @@
+[![Code Climate](https://codeclimate.com/github/Stromweld/autopatch_ii/badges/gpa.svg)](https://codeclimate.com/github/Stromweld/autopatch_ii)
+[![Issue Count](https://codeclimate.com/github/Stromweld/autopatch_ii/badges/issue_count.svg)](https://codeclimate.com/github/Stromweld/autopatch_ii)
+
 # autopatch_ii
 
-TODO: Enter the cookbook description here.
+## Description
+
+Chef Cookbook for automatically patching nodes on a specific schedule (weekday, hour, and minute). Handles weekly or monthly patching routines with or without node splay for large environments.
+
+Much of this code was copied from chef cookbook auto-patch written by Brian Flad. I've modified it to work with windows and use windows more flexible task scheduling with some magic to get it to also work with linux cron.
+
+## Requirements
+
+### Platforms
+
+* RHEL based platforms
+* Windows
+
+### Cookbooks
+
+* cron
+* logrotate
+
+## Attributes
+
+| Attribute | Default | Comment |
+| -------------  | -------------  | -------------  |
+| ['autopatch_ii']['disable'] | false | Boolean, enable or disable patches |
+| ['autopatch_ii']['domain'] | 'example.com' | String, Domain server resides in |
+| ['autopatch_ii']['task_username'] | 'SYSTEM' | String, Used only for winows task scheduling |
+| ['autopatch_ii']['task_frequency'] | :monthly | Symbol, one of either :monthly or :weekly |
+| ['autopatch_ii']['task_frequency_modifier'] | 'THIRD' | String, used to denote which week of the month you want to run the task |
+| ['autopatch_ii']['task_months'] | 'JAN,FEB,MAR,APR,MAY,JUN,JUL,AUG,SEP,OCT,NOV' | String, CSV list of short names for months you want the task to run in, * is used for all months |
+| ['autopatch_ii']['task_days'] | 'TUE' | String, which days of the week in short form you want the task to run on |
+| ['autopatch_ii']['task_start_time'] | '04:00' | String, Military time setting for when to run patches |
+| ['autopatch_ii']['working_dir'] | node['os'] == 'windows' ? 'C:\chef_autopatch' : '/var/log/chef_autopatch' | String, Directory for log file and temp files |
+| ['autopatch_ii']['download_install_splay_max_seconds'] | 3600 | Integer, Max allowed random time to wait before downloading and installing patches, this way we don't overwhelm on premise patch repo |
+| ['autopatch_ii']['email_notification_mode'] | 'Always' | String, whether to send email after patches and before reboot with status of patch install |
+| ['autopatch_ii']['email_to_addresses'] | '"[email protected]"' | String, email address for nodes to send the email to |
+| ['autopatch_ii']['email_from_address'] | "#{node['hostname']}@example.com" | String, email address the email came from |
+| ['autopatch_ii']['email_smtp_server'] | 'smtp.example.com' | String, email server to forward the email to, relay with no authentication is recommended |
+| ['autopatch_ii']['auto_reboot_enabled'] | true | Boolean, to reboot the server automatically after patches have been installed or to leave it for manual reboot |
+| ['autopatch_ii']['updates_to_skip'] | [] | Array of Strings, package names to skip during patches on linux |
+| ['autopatch_ii']['update_command_options'] | '' | String, any additional options to be passed to the yum command on linux |
+| ['autopatch_ii']['private_lin_autopatch_disabled_programmatically'] | false | Boolean, DO NOT MODIFY THIS, this is modified programatically based on if cron job should skip this month or not |
+
+## Recipes
+
+* `recipe[autopatch_ii]` configures automatic patching and patches server on first chef-client run
+* `recipe[autopatch_ii::firstrun_patches]` creates a lock file and runs patches for the first time, afterwards doesn't run as long as lock file exists on the filesystem.
+* `recipe[autopatch_ii::linux]` creates cron job and sets up autopatch scripts
+* `recipe[autopatch_ii::windows]` creates windows task and sets up autopatch scripts
+
+## Usage
+
+* Change any attributes to fit your patching cycle
+* Add `recipe[autopatch_ii]` to your node's run list
+
+### Weekly automatic patching
+
+Just use the `node["autopatch_ii"]['task_frequency'] = :weekly` attribute to override the monthly setting.
+
+### Automatic patching of large numbers of nodes
+
+If you're auto patching many nodes at once, you can optionally modify the splay to prevent denial of service against your network, update server(s), and resources:
+
+* Adding `node["autopatch_ii"]["splay"]`
+
+### Using roles to specify auto patching groups
+
+If you'd like to specify groups of nodes for auto patching, you can setup roles.
+
+Say you want to auto patch some nodes at 8am and some at 10pm on your monthly
+"patch day" of the fourth Wednesday every month.
+
+If you have a base role (you do, right?), you can save duplicating attributes
+and specify some base information first:
+
+    "autopatch_ii" => {
+      "task_frequency" => :weekly,
+      "task_days" => 'TUE'
+    }
+
+Example role that then could be added to 8am nodes:
+
+    name "autopatch-0800"
+    description "Role for automatically patching nodes at 8am on patch day."
+    default_attributes(
+      "autopatch_ii" => {
+        "task_start_time" => '08:00'
+      }
+    )
+    run_list(
+      "recipe[autopatch_ii]"
+    )
+
+Example role that then could be added to 10pm nodes:
+
+    name "autopatch-2200"
+    description "Role for automatically patching nodes at 10pm on patch day."
+    default_attributes(
+      "autopatch_ii" => {
+        "task_start_time" => '22:00'
+      }
+    )
+    run_list(
+      "recipe[autopatch_ii]"
+    )
+
+### Disabling automatic patching
+
+* Specify `node["autopatch_ii"]["disable"]` to true
+* Run chef-client on your node
+
+## License and Author
+
+Author:: Brian Flad (<[email protected]>)
+
+Author:: Corey Hemminger (<[email protected]>)
+
+Copyright:: 2017
+
+Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
+
+<http://www.apache.org/licenses/LICENSE-2.0>
 
+Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

attributes/default.rb

@@ -0,0 +1,38 @@
+#
+# Cookbook:: autopatch_ii
+# Attribute:: default
+#
+# Copyright:: 2017, Corey Hemminger
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+default['autopatch_ii']['disable'] = false
+default['autopatch_ii']['domain'] = 'example.com'
+default['autopatch_ii']['task_username'] = 'SYSTEM'
+default['autopatch_ii']['task_frequency'] = :monthly
+default['autopatch_ii']['task_frequency_modifier'] = 'THIRD'
+default['autopatch_ii']['task_months'] = 'JAN,FEB,MAR,APR,MAY,JUN,JUL,AUG,SEP,OCT,NOV'
+default['autopatch_ii']['task_days'] = 'TUE'
+default['autopatch_ii']['task_start_time'] = '04:00'
+default['autopatch_ii']['working_dir'] = node['os'] == 'windows' ? 'C:\chef_autopatch' : '/var/log/chef_autopatch'
+default['autopatch_ii']['download_install_splay_max_seconds'] = 3600
+default['autopatch_ii']['email_notification_mode'] = 'Always'
+default['autopatch_ii']['email_to_addresses'] = '"[email protected]"'
+default['autopatch_ii']['email_from_address'] = "#{node['hostname']}@example.com"
+default['autopatch_ii']['email_smtp_server'] = 'smtp.example.com'
+default['autopatch_ii']['auto_reboot_enabled'] = true
+default['autopatch_ii']['updates_to_skip'] = []
+default['autopatch_ii']['update_command_options'] = ''
+
+# This attribute is used internally - it should never be set outside the cookbook itself, hence the 'private' designation
+default['autopatch_ii']['private_lin_autopatch_disabled_programmatically'] = false

libraries/autopatch.rb

@@ -0,0 +1,76 @@
+#
+# Cookbook:: autopatch_ii
+# Library:: autopatch
+#
+# Copyright:: 2017, Corey Hemminger
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require 'date'
+
+# autopatch_ii helper logic
+# Chef class
+class Chef
+  # Chef::Recipe class
+  class Recipe
+    # Chef::Recipe::AutoPatch class
+    class AutoPatch
+      WEEKS = %w(first second third fourth) unless defined?(WEEKS)
+      WEEKDAYS = %w(sunday monday tuesday wednesday thursday friday saturday) unless defined?(WEEKDAYS)
+
+      def self.monthly_date(year, month, monthly_specifier)
+        Date.new(year, month, monthly_day(year, month, monthly_specifier))
+      end
+
+      def self.monthly_day(year, month, monthly_specifier)
+        week, weekly_specifier = monthly_specifier.split(' ')
+        week.downcase!
+        weekly_specifier.downcase!
+        Chef::Application.fatal!('Unknown week specified.') unless WEEKS.include?(week)
+
+        first_day_occurance = 1
+        while weekday(weekly_specifier) != Date.new(year, month, first_day_occurance).wday
+          first_day_occurance += 1
+        end
+        first_day_occurance + (WEEKS.index(week) * 7)
+      end
+
+      def self.next_monthly_date(monthly_specifier, hour, minute)
+        current_time = Time.now
+        current_patch_time = Time.new(
+          current_time.year,
+          current_time.month,
+          monthly_day(current_time.year, current_time.month, monthly_specifier),
+          hour,
+          minute
+        )
+
+        date = if current_time > current_patch_time
+                 if current_time.month == 12
+                   monthly_date(current_time.year + 1, 1, monthly_specifier)
+                 else
+                   monthly_date(current_time.year, current_time.month + 1, monthly_specifier)
+                 end
+               else
+                 current_patch_time
+               end
+        date
+      end
+
+      def self.weekday(weekly_specifier)
+        Chef::Application.fatal!('Unknown weekday specified.') unless WEEKDAYS.include?(weekly_specifier)
+        WEEKDAYS.index(weekly_specifier)
+      end
+    end
+  end
+end

libraries/autopatch_helpers.rb

@@ -0,0 +1,41 @@
+#
+# Cookbook:: autopatch_ii
+# Library:: autopatch_helpers
+#
+# Copyright:: 2017, Corey Hemminger
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Module to translate short name to full name
+module AutoPatchHelper
+  def self.getLCaseWeekdayFromAbbreviation(abbreviatedWeekday)
+    case abbreviatedWeekday.downcase
+    when 'mon'
+      'monday'
+    when 'tue'
+      'tuesday'
+    when 'wed'
+      'wednesday'
+    when 'thu'
+      'thursday'
+    when 'fri'
+      'friday'
+    when 'sat'
+      'saturday'
+    when 'sun'
+      'sunday'
+    else
+      raise "Could not determine weekday from abbreviation '#{abbreviatedWeekday}'"
+    end
+  end
+end

metadata.rb

@@ -4,17 +4,24 @@
 license 'Apache-2.0'
 description 'Installs/Configures autopatch_ii'
 long_description 'Installs/Configures autopatch_ii'
-version '0.1.0'
-chef_version '>= 12.1' if respond_to?(:chef_version)
+version '1.0.1'
+chef_version '>= 12.6' if respond_to?(:chef_version)
 
 # The `issues_url` points to the location where issues for this cookbook are
 # tracked.  A `View Issues` link will be displayed on this cookbook's page when
 # uploaded to a Supermarket.
 #
-# issues_url 'https://github.com/<insert_org_here>/autopatch_ii/issues'
+issues_url 'https://github.com/Stromweld/autopatch_ii/issues'
 
 # The `source_url` points to the development reposiory for this cookbook.  A
 # `View Source` link will be displayed on this cookbook's page when uploaded to
 # a Supermarket.
 #
-# source_url 'https://github.com/<insert_org_here>/autopatch_ii'
+source_url 'https://github.com/Stromweld/autopatch_ii'
+
+%w(amazon centos fedora redhat scientific oracle windows).each do |os|
+  supports os
+end
+
+depends 'cron'
+depends 'logrotate'

recipes/default.rb

@@ -16,3 +16,10 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+directory 'Auto Patch Working Directory' do
+  path node['autopatch_ii']['working_dir']
+  action :create
+end
+
+include_recipe 'autopatch_ii::firstrun_patches'
+include_recipe node['os'] == 'windows' ? 'autopatch_ii::windows' : 'autopatch_ii::linux'